Policy Server Guides › Policy Server Configuration Guide › CA SSO/WAC Integration › Configure an smauthetsso Custom Authentication Scheme

Configure an smauthetsso Custom Authentication Scheme

The CA SSO SiteMinder (smauthetsso) authentication scheme lets the SiteMinder Policy Server validate CA SSO authentication credentials so that a user already authenticated in an CA SSO/WAC environment does not need to re-authenticate to SiteMinder. This custom authentication scheme accepts a CA SSO Cookie as a login credential; has it validated by an CA SSO Policy Server; extracts the user name from it; and verifies that the name is present in the SiteMinder user store. You can set this authentication scheme in a cookie, cookieorbasic, or cookieorforms mode.

Note: The following procedure assumes you are creating a new object. You can also copy the properties of an existing object to create an object. More information exists in Duplicate Policy Server Objects.

To configure the authentication scheme

1. Click Infrastructure, Authentication.
2. Click Authentication Scheme, Create Authentication Scheme.

   The Create Authentication Scheme pane opens.

3. Click OK.

   Authentication scheme settings open.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

4. Select Custom Template from the Authentication Type Style list.

   Scheme-specific fields and controls open.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

5. Enter smauthetsso in the Library field.
6. Enter and confirm the password of the CA SSO Policy Server administrator in the Secret and Confirm Secret fields.
7. Define an ordered set of tokens in the Parameter field with the following format:

   Mode [; <Target>] ; AdminID ; CAPS_Host ; FIPS_Mode ; Identity_File

   Note: Separate tokens with semicolons. You may enter a space before and after each token for improved legibility.

   Example: cookie ; SMPS_sso ; myserver.myco.com ; 0 ; /certificates/def_root.pem

   Example: cookieorforms ; /siteminderagent/forms/login.fcc ; SMPS_sso ; myserver.myco.com ; 1 ; /certificates/def_root.pem

   • Mode

     Specifies the type of credentials the authentication scheme accepts. Accepted values include cookie, cookieorbasic, or cookieorforms. cookie specifies that only CA SSO cookies are acceptable; cookieorbasic specifies that a basic authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided; cookieorforms specifies that specifies that a forms authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided.

   • Target

     Specifies the pathname of the .fcc file used by the HTML Forms authentication scheme.

     Note: This value is only required for the cookieorforms mode.

   • AdminID

     Specifies the user name of the CA SSO Policy Server administrator for the CA SSO Policy Server. SiteMinder uses the administrator's user name and password to request validation of CA SSO cookies when authenticating to the CA SSO Policy Server.

   • CAPS_Host

     Specifies the name of the host where the CA SSO Policy Server resides.

   • FIPS_Mode

     Specifies the FIPS mode of operation in which the Policy Server is operating. Zero (0) specifies non-FIPS mode. One (1) specifies FIPS mode.

   • Identity_File

     Specifies the path to the CA SSO identity file. The Policy Server uses this file to communicate with the CA SSO Policy Server.

8. Click Submit.

   The authentication scheme is saved and may be assigned to a realm.